Active Directory Integration: CPS uses Centrify's leading AD Bridging capabilites to provide organizations AD integration to the solution. It leverages the assets of Centrify Identity Service (formerly known as user suite).

Single Sign-on (SSO): When users have an authenticated Windows session, if configured by the administrator and with a supported browser, the privileged users will get SSO to the portal or apps.

Password Wallet: Users and Administrators can use the built-in password wallet for Web Apps that

Multi-factor Authentication: The platform uses several mechanisms for MFA (Centrify Mobile Authenticator from the registered device's Centrify app, one-time-passwords using SMS, E-mail link, or voice call placed to the user's business or mobile phone.

Multiple Identity Stores: CIS today supports users from connected or disconnected (no trust-relationship) Active Directory forests, but also users form the Centrify Cloud Directory or LDAP; (the list of sources grows as I type).

Per-App VPN (reverse-proxy): Allows the elimination of persistent VPN connections and provide remote access just to the individual application.

Role-based Access Control: System access, and system rights are all based on roles that can be assigned to users from any source.

Federated Identity Support: Enable user access to applications or resources from your partners with a few simple steps.

User Access Request (Workflow and Approvals): Access to apps, login sessions to servers, password checkouts and more can be tied to requests and approvals built-in to the platform.

Enterprise Mobility Management: In the modern enterprise, with apps being accessed from anywhere, mobile phones/tablets being used as secondary factors of authentication, providing MDM, MCM and MAM is very important and this has been a key capability for iOS, MacOS, Android and other platforms.

Simple architecture: On-premise capabilities like AD Bridge, App Gateway (reverse-proxy), support for LDAP are available by installing components that sit behind the corporate firewall (even behind the Proxy).

Datacenter and geographical redundancy plus multi-language: The Identity platform is distributed across Microsoft's Azure infrastructure and it has been translated to over 15 languages.

PKI - Certificate Services: An independent built-in Certificate Authority for each tenant to provide additional encryption services, mutual trust and authentication using PKI certs in the context of data at rest and in transit, federation assertions, end-point certificates, etc.

Bottom-line: CIS is a full-fledged Identity as a Service (IDaaS) solution that eliminates the need for complex federation infrastructure and can be used for multipurpose scenarios of over 3,000 apps.

Privilege Service capabilities

Privilege Session Access: CPS provides the ability to access system resources from a central set of servers (jumpbox). The CPS infrastructure components can be deployed in a few minutes anywhere the organization has IT footprint.

Privilege Session Proctoring and Session Abort: Allows a supervisor to view remote sessions in real time, as well as triggering remote disconnections.

Flexible Storage of Secrets: Organizations have the flexibility to store secrets with the built-in Secure Storage (secured with their individual CA key) or they can use their own Hardware Secure Module. Centrify has partnered with Safenet to deliver integration with KeySecure devices.